
TWI835134B - Card reader and controller thereof, and method for permission management - Google Patents


Info

Publication number
TWI835134B
Authority
TW
Taiwan
Prior art keywords
specific
memory device
card
card reader
controller
Prior art date
Application number
TW111117478A
Other languages
Chinese (zh)
Other versions
TW202344989A (en
Inventor
蕭俊竑
林能賢
Original Assignee
瑞昱半導體股份有限公司
Priority date
Filing date
Publication date
Application filed by 瑞昱半導體股份有限公司
Priority to TW111117478A (TWI835134B)
Priority to US18/140,578 (US20230367490A1)
Publication of TW202344989A
Application granted
Publication of TWI835134B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G06F3/0622 Securing storage systems in relation to access
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671 In-line storage system
    • G06F3/0673 Single storage device
    • G06F3/0679 Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629 Configuration or reconfiguration of storage systems
    • G06F3/0632 Configuration or reconfiguration of storage systems by initialisation or re-initialisation of storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0653 Monitoring storage devices or systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)

Abstract

A card reader and a controller thereof, and a method for permission management are provided. The card reader includes a storage device and the controller, wherein the controller is coupled to the storage device. The storage device is configured to store specific identification data of a specific memory device. The controller is configured to receive identification data of an external memory device from the external memory device which is plugged in the card reader, and determine whether the external memory device is the specific memory device according to the identification data and the specific identification data, to generate a determination result. More particularly, the controller may control whether to allow permission of at least one function according to the determination result.

Description

Card reader and controller thereof, and method for permission management

The present invention relates to card readers, and more particularly to a card reader, a controller thereof, and a permission management method.

With the advent of the digital age, digital data has gradually replaced physical data such as paper documents. To keep private data out of the hands of malicious parties, many manufacturers have released flash drives with built-in security mechanisms to protect the data stored on them. For example, a flash drive may be equipped with a numeric keypad for entering a password, or with a recognition module that senses fingerprints. However, this approach makes it easy for malicious parties to tell that such a device stores private data. In addition, compared with a typical flash drive, such a device needs an additional keypad module or fingerprint recognition module, which not only increases the size of the product but also raises the manufacturing cost considerably and hinders widespread adoption.

Therefore, a novel method and associated architecture are needed to provide a security mechanism that protects private data in a storage device with no side effects, or with fewer side effects.

An object of the present invention is to provide a card reader, a controller thereof, and a permission management method that provide an information security mechanism for a memory device while keeping the functions and appearance of a typical card reader.

At least one embodiment of the present invention provides a card reader. The card reader includes a storage device and a controller, wherein the controller is coupled to the storage device. The storage device is configured to store specific identification data of a specific memory device. The controller is configured to receive, from an external memory device inserted into the card reader, identification data of the external memory device, and to determine whether the external memory device is the specific memory device according to the identification data and the specific identification data, to generate a determination result. In particular, the controller may control whether to grant permission for at least one function according to the determination result.

At least one embodiment of the present invention provides a controller of a card reader. The controller includes a processing circuit, and the processing circuit is coupled to a storage device. The processing circuit is configured to control the operation of the controller according to data in the storage device, wherein the storage device is configured to store specific identification data of a specific memory device. For example, the controller may receive, from an external memory device inserted into the card reader, identification data of the external memory device, and determine whether the external memory device is the specific memory device according to the identification data and the specific identification data, to generate a determination result. In particular, the controller may control whether to grant permission for at least one function according to the determination result.

At least one embodiment of the present invention provides a permission management method, wherein the method is applicable to a controller of a card reader. The method includes: using the controller to receive, from an external memory device inserted into the card reader, identification data of the external memory device; using the controller to determine whether the external memory device is a specific memory device according to the identification data, to generate a determination result; and using the controller to control whether to grant permission for at least one function according to the determination result.

The card reader, controller and method provided by embodiments of the present invention allow a specific memory device to serve as a key: when a user wants to access the protected embedded memory, the specific memory device must be inserted into the card reader to obtain permission to access that embedded memory. Because a card reader slot is an existing feature of many electronic devices, it is less likely to draw the attention of malicious parties. Furthermore, embodiments of the present invention do not add significant cost. The present invention can therefore solve the problems of the related art with no side effects, or with fewer side effects.

10, 30: Electronic device

50: Host device

40, 60: Notebook computer

100: Card reader

110: Card reader controller

110P: Processing circuit

110M: Storage device

120, 121, 122: Secure Digital memory card socket

130, 131, 132, 133: Embedded multimedia memory card

141, 142: LED light

151: System disk

152: Data disk

160: USB hub

171, 172: USB port

180: USB Ethernet

190: RJ45 port

700: USB docking station

S210~S240, S510~S550, S810~S830: Steps

FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention.

FIG. 2 is a workflow of using a Secure Digital memory card as a key according to an embodiment of the present invention.

FIG. 3 is a schematic diagram of an electronic device according to an embodiment of the present invention.

FIG. 4 is a schematic diagram of a notebook computer according to an embodiment of the present invention.

FIG. 5 is a workflow of using a Secure Digital memory card to unlock the notebook computer shown in FIG. 4 according to an embodiment of the present invention.

FIG. 6 is a schematic diagram of a notebook computer according to an embodiment of the present invention.

FIG. 7 is a schematic diagram of a docking station device according to an embodiment of the present invention.

FIG. 8 is a workflow of a permission management method according to an embodiment of the present invention.

FIG. 1 is a schematic diagram of an electronic device 10 according to an embodiment of the present invention, wherein the electronic device 10 may include a host device 50 and a card reader 100. Examples of the host device 50 include (but are not limited to) a system on a chip (SoC) and a chipset, and the host device 50 can access one or more memory cards through the card reader 100. The card reader 100 can act as a bridge that converts memory card protocols into a protocol used by the host device 50, such as the Universal Serial Bus (USB) protocol. Examples of these memory card protocols are the Secure Digital protocol used by Secure Digital (SD) memory cards, the Peripheral Component Interconnect Express (PCIe) protocol used by Secure Digital Express (SD Express) memory cards, the multimedia card protocol used by Multimedia Card (MMC) and embedded MMC (eMMC) devices, and the Universal Flash Storage protocol used by Universal Flash Storage (UFS).

As shown in FIG. 1, the card reader 100 may include a card reader controller 110, a storage device 110M, a Secure Digital memory card socket (SD socket for short) 120, an embedded storage device such as an embedded multimedia memory card 130 (labeled "eMMC" in FIG. 1 for brevity), and one or more indicator lights such as light-emitting diode (LED) lights 141 and 142 (labeled "LED" in FIG. 1 for brevity). The card reader controller 110 may include a processing circuit 110P, and the storage device 110M is coupled to the card reader controller 110 (e.g., to the processing circuit 110P therein). In this embodiment, the SD socket 120 may be exposed on the housing of the card reader 100 so that a user can insert any Secure Digital memory card (SD card for short) into the card reader 100. The embedded multimedia memory card 130, by contrast, may be placed inside the card reader 100 without being exposed; the embedded multimedia memory card 130 of this embodiment is placed inside the card reader 100, but the present invention is not limited thereto. Note that the SD socket 120 and the embedded multimedia memory card 130 of this embodiment are for illustration only and do not limit the present invention. In some embodiments, a memory card socket of another standard may serve as an alternative design for the SD socket 120, while an embedded storage device complying with the Universal Flash Storage standard or the non-volatile memory express (NVMe) standard, or an SD card mechanically embedded inside the card reader 100, may serve as an alternative design for the embedded multimedia memory card 130.

Note that the storage device 110M is implemented outside the card reader controller 110, but the present invention is not limited thereto. In some embodiments, the storage device 110M may be part of the card reader controller 110 (e.g., the storage device 110M may be built into the card reader controller 110).

In this embodiment, the electronic device 10 may be a device equipped with a card reader, but the present invention is not limited thereto. In some embodiments, the card reader 100 and the host device 50 may be separate devices. For example, the card reader 100 may be an external card reader, and the host device 50 may be a desktop computer, a laptop computer, or any device to which a card reader can be connected, wherein the card reader 100 may be connected to the host device 50 through a cable that complies with the Universal Serial Bus, but the present invention is not limited thereto.

In this embodiment, the storage device 110M may store specific identification data of a specific memory device. The card reader controller 110 may receive, from an external memory device inserted into the card reader 100 (e.g., into the SD socket 120), identification data of that external memory device, and determine whether the external memory device is the specific memory device according to the identification data and the specific identification data, to generate a determination result, wherein the card reader controller 110 may control whether to grant permission for at least one function according to the determination result. Specifically, information such as the manufacturer, card name, version, serial number and/or manufacturing date of any memory card may be recorded as that memory card's identification data. Taking SD cards as an example, any SD card may have a Card Identification register (CID) that records this identification data. In particular, this identification data is typically unique and can therefore be used to tell different memory cards apart. Specifically, when an external memory device (e.g., a specific SD card) is chosen as the key that unlocks permission for the at least one function, the identification data of this external memory device may be recorded in the storage device 110M by software when it is inserted into the card reader 100, or the manufacturer may write the relevant information directly into the storage device 110M (without being limited to these methods), for later identification. The specific SD card is an example of the specific memory device, and the card identification data of the specific SD card is an example of the specific identification data.

In this embodiment, the card reader 100 may map logical unit number (LUN) #0 to the SD card inserted into the SD socket 120, and map logical unit number #1 to the embedded multimedia memory card 130. Because the embedded multimedia memory card 130 corresponding to logical unit number #1 is not exposed on the outside of the electronic device 10, the card reader 100 looks like a single-LUN card reader even though it is a multi-LUN card reader. When the card reader 100 is powered on and connected to the host device 50, if no memory card is inserted into the SD socket 120, the card reader 100 may refrain from transmitting any data of the embedded multimedia memory card 130 to the host device 50. If the user inserts the specific SD card into the SD socket 120, the card reader controller 110 can determine that the identification data of the specific SD card matches the identification data in the storage device 110M, so in addition to the data of the specific SD card, the data of the embedded multimedia memory card 130 can also be transmitted to the host device 50. Conversely, if the user inserts any memory card other than the specific SD card into the SD socket 120, the identification data of that memory card does not match the identification data in the storage device 110M, so the determination result indicates that the memory card is not the specific SD card, and the card reader controller 110 may refrain from granting permission to access the data in the memory corresponding to logical unit number #1 (i.e., the embedded multimedia memory card 130). For example, when the determination result indicates that the memory card is not the specific SD card, the card reader controller 110 may notify the host device 50 that logical unit number #1 does not exist, and the host device 50 then cannot access the embedded multimedia memory card 130.

FIG. 2 is a workflow of using an SD card as a key according to an embodiment of the present invention, wherein the workflow is applicable to the card reader 100 shown in FIG. 1. Note that the workflow shown in FIG. 2 is for illustration only and does not limit the present invention. In particular, one or more steps may be added to, deleted from or modified in the workflow shown in FIG. 2. Furthermore, as long as the overall result is not affected, the steps do not have to be executed exactly as shown in FIG. 2.

In step S210, the user may insert an SD card into the card reader 100, so that this SD card corresponds to logical unit number #0 (labeled "Insert SD card, corresponding to LUN0" in FIG. 2 for brevity).

In step S220, the card reader controller 110 may check the card identification data of this SD card to determine whether the identification data of this SD card has been recorded in the card reader 100 (e.g., in the storage device 110M) (labeled "Check the CID of the SD card to determine whether it is the specific SD card" in FIG. 2 for ease of understanding). If the determination result is "Yes", the flow proceeds to step S230; if the determination result is "No", the flow proceeds to step S240.

In step S230, the card reader controller 110 may report logical unit number #1 to the host device 50, to allow the host device 50 to access the memory corresponding to logical unit number #1 (labeled "Show LUN1" in FIG. 2 for brevity).

In step S240, the card reader controller 110 may refrain from reporting logical unit number #1 to the host device 50, to prevent the host device 50 from accessing the memory corresponding to logical unit number #1 (labeled "Do not show LUN1" in FIG. 2 for brevity).
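
The CID check of steps S220 to S240, sketched in C as an added example (not code from the patent or from any card reader firmware). The CID field layout and the CRC7 follow the SD Physical Layer specification; the function names, the CRC validation before the comparison, the constant-time compare and the sample CID bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CID_LEN 16 /* the SD CID register is 128 bits */

/* Decoded CID fields (layout from the SD Physical Layer specification). */
struct sd_cid {
    uint8_t  mid;    /* manufacturer ID */
    char     oid[3]; /* OEM/application ID: 2 ASCII chars + NUL */
    char     pnm[6]; /* product name: 5 ASCII chars + NUL */
    uint8_t  prv;    /* product revision, BCD "major.minor" */
    uint32_t psn;    /* product serial number */
    uint16_t year;   /* manufacturing year */
    uint8_t  month;  /* manufacturing month, 1..12 */
};

/* CRC7 (polynomial x^7 + x^3 + 1), the checksum carried in CID byte 15. */
uint8_t crc7(const uint8_t *data, size_t len)
{
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t d = data[i];
        for (int bit = 0; bit < 8; bit++) {
            crc <<= 1;
            if ((d ^ crc) & 0x80)
                crc ^= 0x09;
            d <<= 1;
        }
    }
    return crc & 0x7F;
}

/* Returns 0 and fills *out if the raw CID is well formed, -1 otherwise. */
int cid_parse(const uint8_t raw[CID_LEN], struct sd_cid *out)
{
    if ((raw[15] & 1) == 0 || (raw[15] >> 1) != crc7(raw, 15))
        return -1; /* corrupted read: never compare it against the key */
    out->mid = raw[0];
    memcpy(out->oid, &raw[1], 2); out->oid[2] = '\0';
    memcpy(out->pnm, &raw[3], 5); out->pnm[5] = '\0';
    out->prv = raw[8];
    out->psn = ((uint32_t)raw[9] << 24) | ((uint32_t)raw[10] << 16) |
               ((uint32_t)raw[11] << 8) | raw[12];
    out->year  = (uint16_t)(2000 + (((raw[13] & 0x0F) << 4) | (raw[14] >> 4)));
    out->month = raw[14] & 0x0F;
    return 0;
}

/* Compare all 16 bytes without an early exit, so timing does not reveal
 * how many leading bytes of a candidate CID were correct. */
int cid_equal(const uint8_t a[CID_LEN], const uint8_t b[CID_LEN])
{
    uint8_t diff = 0;
    for (size_t i = 0; i < CID_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps S220 to S240: LUN #1 is reported only for the enrolled card.
 * `inserted` is NULL when the SD socket is empty. */
int lun1_visible(const uint8_t *inserted, const uint8_t enrolled[CID_LEN])
{
    struct sd_cid fields;
    if (inserted == NULL || cid_parse(inserted, &fields) != 0)
        return 0;
    return cid_equal(inserted, enrolled);
}

/* Constructed sample CID (not from a real card) with a valid CRC7 byte. */
void sample_cid(uint8_t cid[CID_LEN], uint32_t serial)
{
    static const uint8_t base[CID_LEN] = {
        0xAB, 'X', 'Y', 'D', 'E', 'M', 'O', '1', 0x10,
        0, 0, 0, 0, 0x01, 0x65, 0 };
    memcpy(cid, base, CID_LEN);
    cid[9]  = (uint8_t)(serial >> 24); cid[10] = (uint8_t)(serial >> 16);
    cid[11] = (uint8_t)(serial >> 8);  cid[12] = (uint8_t)serial;
    cid[15] = (uint8_t)((crc7(cid, 15) << 1) | 1); /* CRC7, then end bit */
}

int main(void)
{
    uint8_t key[CID_LEN], other[CID_LEN];
    sample_cid(key, 0x12345678u);   /* the enrolled "key" card */
    sample_cid(other, 0x12345679u); /* same model, different serial */
    printf("key card:   LUN1 %s\n", lun1_visible(key, key) ? "shown" : "hidden");
    printf("other card: LUN1 %s\n", lun1_visible(other, key) ? "shown" : "hidden");
    printf("no card:    LUN1 %s\n", lun1_visible(NULL, key) ? "shown" : "hidden");
    return 0;
}
```
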

To further improve the security of private data in the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130), when the determination result generated by the card reader controller 110 indicates that the external memory device is the specific memory device (e.g., when the determination result indicates that the memory card inserted into the card reader 100 is the specific SD card), the card reader controller 110 may further detect a plug/unplug pattern of the specific memory device to generate a detection result. For example, in addition to recording the identification data of the specific SD card in the storage device 110M in advance, the user or manufacturer may also encode a specific plug/unplug pattern (e.g., a specific way of inserting and removing the card) of the specific SD card in advance, to generate an encoding result corresponding to the specific plug/unplug pattern, and record the encoding result in the storage device 110M. When the detection result indicates that the plug/unplug pattern of the specific SD card matches the specific plug/unplug pattern, the card reader controller 110 may allow the host device 50 to access the embedded multimedia memory card 130. When the detection result indicates that the plug/unplug pattern of the specific SD card does not match the specific plug/unplug pattern, the card reader controller 110 may prevent the host device 50 from accessing the embedded multimedia memory card 130.

In some embodiments, the plug/unplug pattern may include the number of times the specific memory device is inserted and removed within a specific period. For example, the encoding result recorded in the storage device 110M may correspond to inserting and removing the specific SD card a specific number of times (e.g., three times) within a specific period (e.g., thirty seconds), wherein the user must insert and remove the specific SD card that specific number of times (e.g., within thirty seconds) to unlock permission to access the embedded multimedia memory card 130 (e.g., the user must insert and remove the specific SD card three times within thirty seconds for the data in the embedded multimedia memory card 130 to be shown).

In some embodiments, the plug/unplug pattern may include multiple insertion/removal counts of the specific memory device within multiple specific periods, respectively. For example, the encoding result recorded in the storage device 110M may correspond to inserting and removing the specific SD card a corresponding number of times within each of multiple specific periods (e.g., a first specific period of thirty seconds, a second specific period of thirty seconds and a third specific period of thirty seconds), e.g., inserting and removing the specific SD card twice within the first specific period, five times within the second specific period, and four times within the third specific period. The user must insert and remove the specific SD card the corresponding number of times within each of the specific periods to unlock permission to access the embedded multimedia memory card 130 (e.g., the user must insert and remove the specific SD card twice within the first specific period, five times within the second specific period, and four times within the third specific period for the data in the embedded multimedia memory card 130 to be shown). Here the LED lights of the card reader help the user judge when to insert the card. In the embodiment of FIG. 1, the LED light 141 of the card reader 100 may indicate the power status, wherein the LED light 141 may be steadily lit when no SD card is inserted into the SD socket 130. In addition, the LED light 142 may indicate the data read/write status, wherein the LED light 142 may flash to indicate that data is being read or written through the card reader 100. In this embodiment, the LED light 141 may be used to tell the user the current input state (e.g., to delimit the first specific period, the second specific period and the third specific period). For example, after the specific SD card is inserted into the card reader 100 for the first time, the LED light 141 may flash for thirty seconds to tell the user that the first specific period has begun. The specific SD card needs to be inserted and removed twice within the first specific period, so the user must insert and remove the specific SD card once more within the thirty seconds; after the thirty seconds have passed, the LED light 141 may become steadily lit to tell the user that the next round of input can begin. When the user re-inserts the specific SD card after the LED light 141 has become steadily lit, the LED light 141 may flash for thirty seconds to tell the user that the second specific period has begun. The specific SD card needs to be inserted and removed five times within the second specific period, so the user must insert and remove the specific SD card four more times within the thirty seconds; after the thirty seconds have passed, the LED light 141 may become steadily lit to tell the user that the next round of input can begin. When the user re-inserts the specific SD card after the LED light 141 has become steadily lit, the LED light 141 may flash for thirty seconds to tell the user that the third specific period has begun. The specific SD card needs to be inserted and removed three times within the third specific period, so the user must insert and remove the specific SD card twice more within the thirty seconds and finally leave the specific SD card in the SD socket 120; after the thirty seconds have passed, the LED light 141 may become steadily lit. Only when the user has inserted and removed the specific SD card the correct number of times within each of the first, second and third specific periods can the private data in the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130) be shown.

It should be noted that the above use of LED signals to indicate the current input stage to the user is for illustrative purposes only and is not a limitation of the present invention. In some embodiments, the LED signal may prompt the user by means of a breathing light, a color change, or other means.

In some embodiments, the plugging and unplugging pattern may include a plurality of write-protect switch states of the specific SD card within the plurality of specific time periods, respectively. Specifically, an SD card may have a write-protect switch that allows the card reader 100 to determine whether the SD card is in a write-protected state, and the write-protect switch of the SD card can be used to increase the complexity of the encoding of the specific plugging and unplugging pattern. For example, within the first specific time period, the write-protect switch of the specific SD card needs to be on; within the second specific time period, the write-protect switch of the specific SD card needs to be off; and within the third specific time period, the write-protect switch of the specific SD card needs to be on. Only when the user has set the write-protect switch to the correct state within each of the first, second, and third specific time periods is the private data in the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130) displayed. It should be noted that the above use of the write-protect switch to vary the plugging and unplugging pattern takes an SD card as an example; if the specific memory device is implemented with another type of memory card, any mechanical switch on that memory card can be applied to the encoding of the plugging and unplugging pattern of the present invention in a similar manner.

In some embodiments, the plugging and unplugging pattern may include the length of time for which the specific memory device remains inserted. For example, the length of time for which the specific memory device remains inserted must match the length of time corresponding to the encoding result recorded in the storage device 110M before the private data in the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130) is displayed.

In some embodiments, the variations of the plugging and unplugging pattern described above, which are produced by the number of plugging and unplugging operations, detection over multiple time periods, the position of a mechanical switch, and the length of insertion time, may be combined using one or more of them in order to raise the complexity of the plugging and unplugging pattern as far as possible, thereby improving overall security. For brevity, the related implementation variations are not described here.

In some embodiments, when the memory corresponding to logical unit number #0 (e.g., the specific SD card inserted in the SD socket 120) is removed, the permission to access the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130) may be closed immediately. In some embodiments, when the memory corresponding to logical unit number #0 (e.g., the specific SD card inserted in the SD socket 120) is removed, the permission to access the memory corresponding to logical unit number #1 (e.g., the embedded multimedia memory card 130) may be closed after a predetermined delay. It should be noted that whenever the card reader 100 has been powered off, the next power-on requires passing the verification of the specific SD card and/or the above plugging and unplugging pattern again before the permission to access the embedded multimedia memory card 130 can be enabled again.
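The per-period insertion counts, the per-period write-protect states and the immediate revocation on removal described above can be combined into one fail-closed check. The following C sketch is an added example, not code from the patent or from any product: the type and function names, the constant-time CID comparison, and the sample CID, counts and timings are all assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CID_LEN   16       /* SD CID register is 128 bits */
#define WINDOW_MS 30000u   /* thirty-second period used in the description */
#define MAX_WIN   3
#define N(a) (sizeof(a) / sizeof((a)[0]))

typedef struct {           /* one socket event as seen by the controller */
    uint32_t t_ms;         /* time since power-on */
    bool inserted;         /* true = insertion, false = removal */
    bool wp_on;            /* write-protect switch, sampled on insertion */
    const uint8_t *cid;    /* CID read on insertion, NULL on removal */
} plug_event;

typedef struct {           /* enrolled record, as kept in storage device 110M */
    uint8_t cid[CID_LEN];
    size_t n_win;
    uint8_t count[MAX_WIN];  /* insertions required in each period */
    bool wp[MAX_WIN];        /* switch state required in each period */
} enrolled_pattern;

/* No early exit, so timing does not reveal where two CIDs differ. */
static bool cid_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < CID_LEN; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* True only if LUN #1 should be exposed at time now_ms, given every socket
 * event since power-on. Any deviation keeps the LUN closed. */
bool lun1_unlocked(const enrolled_pattern *p, const plug_event *ev, size_t n,
                   uint32_t now_ms)
{
    size_t win = 0;        /* periods started so far */
    uint32_t start = 0;    /* start time of the current period */
    unsigned count = 0;    /* insertions seen in the current period */
    bool ok = true, present = false;

    if (p->n_win == 0 || p->n_win > MAX_WIN)
        return false;
    for (size_t i = 0; i < n; i++) {
        if (!ev[i].inserted) { present = false; continue; }
        present = true;
        if (win == 0 || ev[i].t_ms - start >= WINDOW_MS) {
            /* The previous period is over: its count must match exactly. */
            if (win > 0 && count != p->count[win - 1])
                ok = false;
            if (++win > p->n_win)
                return false;          /* more periods than enrolled */
            start = ev[i].t_ms;
            count = 0;
        }
        count++;
        if (ev[i].cid == NULL || !cid_equal(ev[i].cid, p->cid))
            ok = false;                /* every insertion must be the enrolled card */
        if (ev[i].wp_on != p->wp[win - 1])
            ok = false;
    }
    if (win != p->n_win || count != p->count[win - 1])
        return false;
    if (now_ms - start < WINDOW_MS)
        return false;                  /* last period is still open */
    return ok && present;              /* removal revokes access at once */
}

/* Constructed sample data: the CID, counts and timings are made up. */
static const uint8_t CARD_A[CID_LEN] = { 0xA1, 0x5D, 0x33, 0x07 };
static const enrolled_pattern ENROLLED = {
    { 0xA1, 0x5D, 0x33, 0x07 }, 3, { 2, 2, 1 }, { true, false, true }
};
#define INS(t, wp, c) { (t), true, (wp), (c) }
#define REM(t)        { (t), false, false, NULL }

static const plug_event TRACE[] = {         /* last entry: card pulled later */
    INS(1000, true, CARD_A), REM(4000), INS(8000, true, CARD_A), REM(20000),
    INS(40000, false, CARD_A), REM(43000), INS(46000, false, CARD_A), REM(60000),
    INS(75000, true, CARD_A), REM(110000),
};
static const plug_event SHORT_COUNT[] = {   /* one insertion in period 1 */
    INS(1000, true, CARD_A), REM(20000),
    INS(40000, false, CARD_A), REM(43000), INS(46000, false, CARD_A), REM(60000),
    INS(75000, true, CARD_A),
};

int main(void)
{
    printf("correct pattern, card left in: %d\n",
           lun1_unlocked(&ENROLLED, TRACE, N(TRACE) - 1, 105000u));
    printf("card pulled afterwards:        %d\n",
           lun1_unlocked(&ENROLLED, TRACE, N(TRACE), 120000u));
    printf("wrong count in period 1:       %d\n",
           lun1_unlocked(&ENROLLED, SHORT_COUNT, N(SHORT_COUNT), 105000u));
    return 0;
}
```

The function replays all events since power-on, which matches the requirement that verification be repeated after every power cycle; the delayed-revocation variant is not modelled.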

Figure 3 is a schematic diagram of an electronic device 30 according to an embodiment of the present invention, where the electronic device 30 may include a main device 50 and a card reader 300. It should be noted that the card reader 300 may be an example of the card reader 100, and the details of the card reader controller 110 (and the processing circuit 110P therein), the storage device 110M, and the LED lights 141 and 142 are not repeated here. As shown in Figure 3, the card reader 300 may support five logical unit numbers, where the SD socket 121 (e.g., a memory card inserted into the SD socket 121) may correspond to logical unit number #0, the SD socket 122 (e.g., a memory card inserted into the SD socket 122) may correspond to logical unit number #1, and the embedded multimedia memory cards 131, 132, and 133 may correspond to logical unit numbers #2, #3, and #4, respectively. Any (e.g., each) of the SD sockets 121 and 122 may be an example of the SD socket 120, and any (e.g., each) of the embedded multimedia memory cards 131, 132, and 133 may be an example of the embedded multimedia memory card 130.

It should be noted that logical unit numbers #2, #3, and #4 do not all have to be protected by the above mechanism. For example, the private data in the memories corresponding to logical unit numbers #3 and #4 (e.g., the embedded multimedia memory cards 132 and 133) may be protected by the above security mechanism, while the data in the memory corresponding to logical unit number #2 (e.g., the embedded multimedia memory card 131) is accessible by default. Therefore, after the card reader 300 is powered on or connected to the main device 50, the data in the embedded multimedia memory card 131 can still be displayed even when no SD card is inserted into the SD sockets 121 and 122. In contrast, the user needs a specific SD card to enable the permission to access the embedded multimedia memory cards 132 and 133.

In some embodiments, the permission to access the embedded multimedia memory cards 132 and 133 may be enabled through the same specific SD card. For example, regardless of which of the SD sockets 121 and 122 this specific SD card is inserted into, the permission to access the embedded multimedia memory cards 132 and 133 can be enabled. In some embodiments, the permission to access the embedded multimedia memory card 132 may be enabled by inserting a specific SD card into the SD socket 121, and the permission to access the embedded multimedia memory card 133 may be enabled by inserting this specific SD card into the SD socket 122. In some embodiments, the permission to access the embedded multimedia memory card 132 may be enabled by inserting a first specific SD card into either of the SD sockets 121 and 122, and the permission to access the embedded multimedia memory card 133 may be enabled by inserting a second specific SD card into either of the SD sockets 121 and 122. In some embodiments, the permission to access the embedded multimedia memory card 132 may be enabled by inserting a first specific SD card into the SD socket 121, and the permission to access the embedded multimedia memory card 133 may be enabled by inserting a second specific SD card into the SD socket 122. It should be noted that, since SD cards are typically difficult to copy, the storage device 110M may record a plurality of first specific SD cards and a plurality of second specific SD cards, where any one of the plurality of first specific SD cards can be inserted into the SD socket 121 to enable the permission to access the embedded multimedia memory card 132, and any one of the plurality of second specific SD cards can be inserted into the SD socket 122 to enable the permission to access the embedded multimedia memory card 133.

Besides achieving security protection by hiding private data, the above control of access permissions for multiple logical unit numbers also lets the user store work data and private data in different locations (e.g., memories corresponding to different logical unit numbers) and rely on the above access permission control to avoid operating mistakes.

In some embodiments, the card reader 100 (e.g., the card reader 300) may encrypt the data in the embedded multimedia memory card 130 (e.g., any of the embedded multimedia memory cards 131, 132, and 133) by using the security protection mechanism provided by the embedded multimedia memory card itself, or may encrypt the data by using an encryption/decryption mechanism built into the card reader 100 (e.g., the card reader 300); when the specific SD card is inserted, the card reader 100 may decrypt the data in the memory corresponding to the specific logical unit number (e.g., the embedded multimedia memory card 130). As a result, even if someone forcibly removes the embedded multimedia memory card 130 installed inside the card reader 100, they still cannot successfully decrypt the data in it for reading.

In addition, the card reader 100 or the card reader 300 described above may be applied to the unlocking operation of any device with a built-in card reader, such as a desktop computer or a notebook computer. Figure 4 is a schematic diagram of a notebook computer 40 according to an embodiment of the present invention, where the card reader 100 (in particular the card reader controller 110, the storage device 110M, and the SD socket 120) may be built into the notebook computer 40. In this embodiment, when the user wants to unlock and log in to the notebook computer 40, the user needs to insert the specific SD card into the SD socket 120. After detecting that the specific SD card has been inserted, the card reader controller 110 may be coupled to and communicate with the main device 50 through an interface conforming to the Peripheral Component Interconnect Express protocol (labeled "PCIe" in Figure 4 for brevity) or a general-purpose input/output interface (labeled "GPIO" in Figure 4 for brevity), where the main device 50 may control whether to unlock the notebook computer 40 for the user to log in, in response to the detection result sent by the card reader controller 110.

Figure 5 is a workflow of using a specific SD card to unlock the notebook computer 40 shown in Figure 4 according to an embodiment of the present invention. It should be noted that the workflow shown in Figure 5 is for illustrative purposes only and is not a limitation of the present invention. In particular, one or more steps may be added to, deleted from, or modified in the workflow shown in Figure 5. In addition, as long as the overall result is not hindered, these steps do not have to be executed exactly in the order shown in Figure 5.

In step S510, the user may insert an SD card into the card reader (e.g., the SD socket 120 shown in Figure 4).

In step S520, the card reader controller 110 may check the memory card identification data of this SD card to determine whether the identification data of this SD card has been recorded in the storage device 110M (labeled "Check the CID of the SD card to determine whether it is the specific SD card" in Figure 5 for ease of understanding). If the determination result is "Yes", the flow proceeds to step S530; if the determination result is "No", the flow proceeds to step S550.

In step S530, the card reader controller 110 may notify the system hardware and software of the main device 50 that the SD card is indeed the specific SD card (labeled "Notify the system hardware and software" in Figure 5 for brevity).

In step S540, the main device 50 may unlock the notebook computer 40 for the user to log in.

In step S550, the main device 50 may keep the notebook computer 40 in the locked state (labeled "No action" in Figure 5 for brevity).

Figure 6 is a schematic diagram of a notebook computer 60 according to an embodiment of the present invention, where the card reader 100 (in particular the card reader controller 110, the storage device 110M, and the SD socket 120 therein) may be built into the notebook computer 60. In this embodiment, the card reader controller 110 may control the access permission of one or more storage devices (e.g., solid-state drives) in the notebook computer 60 through an interface conforming to the Peripheral Component Interconnect Express protocol or a general-purpose input/output interface. For example, the notebook computer 60 may include a system hard disk 151 (labeled "system disk" in Figure 6 for brevity) and a data hard disk 152 (labeled "data disk" in Figure 6 for brevity), where the main device 50 may communicate with the system hard disk 151 and the data hard disk 152 through an interface conforming to the Peripheral Component Interconnect Express protocol (labeled "PCIe" in Figure 6 for brevity), and the card reader controller 110 may communicate with the data hard disk 152 through a general-purpose input/output interface (labeled "GPIO" in Figure 6 for brevity). Specifically, the notebook computer 60 may always show the system hard disk 151, while the data hard disk 152 may be protected by the security mechanism of the present invention and is therefore not shown in the operating system of the notebook computer 60 by default (e.g., the power of the data hard disk 152 may be off by default at the start). After the user inserts the specific SD card, the card reader controller 110 may turn on the power or the enable switch of the data hard disk 152 through the general-purpose input/output interface, and the hot plug mechanism of the interface conforming to the Peripheral Component Interconnect Express protocol causes the data of the data hard disk 152 to be shown in the operating system of the notebook computer 60.

Figure 7 is a schematic diagram of a docking station device 700 conforming to the Universal Serial Bus protocol (the "USB docking station" for short) according to an embodiment of the present invention. In this embodiment, the USB docking station 700 may include a card reader (in particular the SD sockets 121 and 122, the card reader controller 110, and the storage device 110M therein), and may further include a hub 160 conforming to the Universal Serial Bus protocol (the "USB hub" for short), ports 171 and 172 conforming to the Universal Serial Bus protocol (the "USB ports" for short), an Ethernet device 180 conforming to the Universal Serial Bus protocol (the "USB Ethernet" for short), and an RJ45 port 190. In this embodiment, the expansion function of the USB hub 160 (e.g., the operations performed by the one or more expansion interfaces used to couple the main device 50, the USB ports 171 and 172, and the USB Ethernet 180) may be disabled by default. The user may insert the specific SD card into the SD socket 121 or 122, and when the card reader controller 110 detects that the specific SD card has been inserted, the card reader controller 110 may enable the expansion function of the USB hub 160 through a general-purpose input/output interface (labeled "GPIO" in Figure 7 for brevity). The present invention can therefore prevent users without permission (e.g., users who have not inserted the specific SD card into the SD socket 121 or 122) from using the expansion function of the USB docking station 700.

It should be noted that the interface conforming to the Peripheral Component Interconnect Express protocol, the interface conforming to the Universal Serial Bus protocol, and the general-purpose input/output interface described in the above embodiments are for illustrative purposes only and are not limitations of the present invention. The implementation of these interfaces may be varied as long as the overall implementation is not affected.

Figure 8 is a workflow of a permission management method according to an embodiment of the present invention, where the method is applicable to a controller of a card reader, such as the card reader controller 110 of the above embodiments. It should be noted that the workflow shown in Figure 8 is for illustrative purposes only and is not a limitation of the present invention. In particular, one or more steps may be added to, deleted from, or modified in the workflow shown in Figure 8. In addition, as long as the overall result is not hindered, these steps do not have to be executed exactly in the order shown in Figure 8.

In step S810, the card reader controller 110 may receive, from an external memory device inserted into the card reader, the identification data of the external memory device.

In step S820, the card reader controller 110 may determine, according to the identification data, whether the external memory device is a specific memory device (e.g., the specific SD card), to generate a determination result.

In step S830, the card reader controller may control, according to the determination result, whether to open the permission of at least one function.

In summary, the card reader and related methods provided by the embodiments of the present invention can use a specific external memory device as a key to unlock one or more functions of an electronic device. In addition, the embodiments of the present invention can treat the plugging and unplugging pattern of the specific external memory device (e.g., the number of plugging and unplugging operations or the manner of plugging and unplugging) as a password, so that a data protection mechanism can be established without adding an extra keyboard or fingerprint module. Since the present invention preserves the existing functions and appearance of a typical card reader, it can provide an effective data protection mechanism with no side effects or with fewer side effects.

The above are only preferred embodiments of the present invention, and all equivalent changes and modifications made in accordance with the scope of the claims of the present invention shall fall within the scope of the present invention.

10: Electronic device

50: Main device

100: Card reader

110: Card reader controller

110P: Processing circuit

110M: Storage device

120: Secure Digital (SD) memory card socket

130: Embedded multimedia memory card

141, 142: Light-emitting diode (LED) lights

Claims (7)

1. A card reader, comprising: a storage device, configured to store specific identification data of a specific memory device; and a controller, coupled to the storage device, configured to receive, from an external memory device inserted into the card reader, identification data of the external memory device, and to determine, according to the identification data and the specific identification data, whether the external memory device is the specific memory device, to generate a determination result; wherein the controller controls, according to the determination result, whether to open permission of at least one function, and the at least one function comprises accessing data in an embedded storage device corresponding to a specific logical unit number; wherein when the determination result indicates that the external memory device is the specific memory device, the controller detects a plugging and unplugging pattern of the specific memory device to generate a detection result, and the plugging and unplugging pattern comprises a number of times the specific memory device is plugged and unplugged within a specific time period.

2. The card reader of claim 1, wherein when the determination result indicates that the external memory device is not the specific memory device, the controller refrains from opening the permission of the at least one function.

3. The card reader of claim 1, wherein the specific memory device is a Secure Digital memory card, and the plugging and unplugging pattern comprises a plurality of write-protect switch states of the Secure Digital memory card within a plurality of specific time periods, respectively.

4. The card reader of claim 1, wherein an electronic device comprises the card reader, and the at least one function comprises unlocking the electronic device.

5. The card reader of claim 1, wherein a docking station device comprises the card reader and one or more expansion interfaces, and the at least one function comprises enabling the one or more expansion interfaces.

6. A controller of a card reader, comprising: a processing circuit, coupled to a storage device, configured to control operations of the controller according to data in the storage device, wherein the storage device is configured to store specific identification data of a specific memory device; wherein: the controller receives, from an external memory device inserted into the card reader, identification data of the external memory device, and determines, according to the identification data and the specific identification data, whether the external memory device is the specific memory device, to generate a determination result; the controller controls, according to the determination result, whether to open permission of at least one function, and the at least one function comprises accessing data in an embedded storage device corresponding to a specific logical unit number; and when the determination result indicates that the external memory device is the specific memory device, the controller detects a plugging and unplugging pattern of the specific memory device to generate a detection result, and the plugging and unplugging pattern comprises a number of times the specific memory device is plugged and unplugged within a specific time period.

7. A permission management method, applicable to a controller of a card reader, the method comprising: utilizing the controller to receive, from an external memory device inserted into the card reader, identification data of the external memory device; utilizing the controller to determine, according to the identification data, whether the external memory device is a specific memory device, to generate a determination result; and utilizing the controller to control, according to the determination result, whether to open permission of at least one function; wherein the at least one function comprises accessing data in an embedded storage device corresponding to a specific logical unit number; wherein when the determination result indicates that the external memory device is the specific memory device, the controller detects a plugging and unplugging pattern of the specific memory device to generate a detection result, and the plugging and unplugging pattern comprises a number of times the specific memory device is plugged and unplugged within a specific time period.
TW111117478A 2022-05-10 2022-05-10 Card reader and controller thereof, and method for permission management TWI835134B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW111117478A TWI835134B (en) 2022-05-10 2022-05-10 Card reader and controller thereof, and method for permission management
US18/140,578 US20230367490A1 (en) 2022-05-10 2023-04-27 Card reader and controller, and method for permission management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111117478A TWI835134B (en) 2022-05-10 2022-05-10 Card reader and controller thereof, and method for permission management

Publications (2)

Publication Number Publication Date
TW202344989A TW202344989A (en) 2023-11-16
TWI835134B true TWI835134B (en) 2024-03-11

Family

ID=88698856

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111117478A TWI835134B (en) 2022-05-10 2022-05-10 Card reader and controller thereof, and method for permission management

Country Status (2)

Country Link
US (1) US20230367490A1 (en)
TW (1) TWI835134B (en)


Also Published As

Publication number Publication date
TW202344989A (en) 2023-11-16
US20230367490A1 (en) 2023-11-16
